Ringleader of cybercrime group to be offered a job as cybercrime fighter

Owen Thor Walker, an 18-year-old ringleader of an international cybercrime group, known as AKILL, part of the A-Team, a group of 8 script kiddies who were all caught in a bust called "Operation Bot Roast II", executed by the FBI and several international law enforcement agencies in 2007, responsible for pump'n'dump stock price manipulations through spam, infecting 1.3M computers with malware, further infecting them with spyware and earning nearly $40,000 in the process, in between launching a DDoS attack against the University of Pennsylvania, and causing overall damage of over $20M, has been discharged and could be offered a job as a cybercrime fighter:

In court yesterday, Walker, who has Asperger's syndrome, a mild form of autism, smiled as he heard the prosecution describe how international investigators considered his programming to be 'amongst the most advanced' they had encountered. Judge Judith Potter described him as a young man with a bright future and ordered him to pay damages and costs of £5,500, but did not record a conviction. Detective Inspector Peter Devoy said that while 'there is no offer on the table, the option is being kept open'. Maarten Kleintjes, head of the police e-crime laboratory, said the self-taught Walker had a unique ability and was 'at the top of his field'.

It's one thing to discharge him given his age, but entirely another to be publicly fascinated by what he did, state it publicly, and even consider the possibility of offering him a job, which indicates a great deal of ignorance from those who "ought to know".

He is neither a hacker nor a computer genius possessing some kind of unique skills. He's just someone proving yet again that it's not a matter of lacking the capabilities for committing cybercrime, but a matter of courage to do so. A little something on his "considered to be" highly sophisticated malware:

"The bot code is considered very advanced by international cyber crime investigators, containing a number of sophisticated features that protect it from discovery, allow it to spread automatically and allow it to identify and destroy rival bot code. One feature automatically disabled any antivirus software on an infected computer and prevented the software from being updated, say the documents. "

In reality though, his malware bot, going under the name of AkBot, is using modules from commodity malware bots, namely AkBot. What he did was combine different scanning modules attempting to locate hosts vulnerable to a different set of vulnerabilities, contrary to the misunderstanding that he had coded the bot from scratch. None of these features, next to the many others offered by an average malware bot freely available for download on the Internet, is exclusive; they are commodity features. Moreover, given that today's malware bots are open source, what he did was modify the command and control locations, then compile and start spreading the bot.

The day when a script kiddie who knows how to compile their own botnet after watching a video tutorial that comes with the bot is called a hacker, or is offered a job for using an already available feature allowing the "killing of running security software" and preventing it from reaching its update locations, is the day when you're officially admitting you have absolutely no idea what's going on online. Here's a sample output from a sandboxed copy of one of his malware variants scanning for MS04-012: DCOM RPC Overflow exploit and MS04-011: LSASS Overflow exploit at large:

    PRIVMSG #yahoo :[MAIN]: Status: Ready. Bot Uptime: 0d 0h 0m.
    PRIVMSG #yahoo :[MAIN]: Bot ID: rx-asn-2-re-worked .
    PRIVMSG #yahoo :[SCAN]: Exploit Statistics: Dcom135: 0, Dcom445: 0, Dcom1025: 0, lsass_445: 0, lsass_139: 0, dcass: 0, MassAsn: 0, plugnplay: 0, VNC: 0, netapi: 0, sym: 0, asn1http: 0, asn1smb: 0, asn1smbnt: 0, Total: 0 in 0d 0h 0m.
    PRIVMSG #yahoo :[MAIN]: Uptime: 0d 0h 2m.
    PRIVMSG #yahoo :[PROC]: Failed to terminate process: PROCESS_NAME_TO_TERMINATE
    PRIVMSG #yahoo :[HTTPD]: Server listening on IP: *.*.*.*:5678, Directory: \.
    PRIVMSG #yahoo :[DDoS]: Done with flood (0KB/sec).
    PRIVMSG #yahoo :[DDoS]: Flooding: (*.*.*.*:1234) for 50 seconds.
    PRIVMSG #yahoo :[SYN]: Done with flood (0KB/sec).
    PRIVMSG #yahoo :[SYN]: Flooding: (*.*.*.*:1234) for 50 seconds.
    PRIVMSG #yahoo :[SCAN]: IP: *.*.*.* Port: 1234 is open.
    PRIVMSG #yahoo :[SCAN]: Port scan started: *.*.*.*:1234 with delay: 50(ms).
    PRIVMSG #yahoo :[UDP]: Sending 40 packets to: *.*.*.*. Packet size: 50, Delay: 60(ms).
    PRIVMSG #yahoo :[PING]: Finished sending pings to *.*.*.*.
    PRIVMSG #yahoo :[PING]: Sending 40 pings to *.*.*.*. packet size: 50, timeout: 60(ms).
    PRIVMSG #yahoo :[UDP]: Finished sending packets to *.*.*.*.

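As a defender's view of the capture above, this added example (not part of the original post and not taken from the bot) splits the flattened IRC traffic into one record per PRIVMSG, pulls out the scanner's exploit counters, and flags a channel where several attack modules report status. The function names, the attack-tag set and the threshold are assumptions made for illustration.

```python
import re
from collections import Counter

# Abridged excerpt of the sandbox capture quoted above (addresses masked as on the page).
CAPTURE = (
    "PRIVMSG #yahoo :[MAIN]: Status: Ready. Bot Uptime: 0d 0h 0m. "
    "PRIVMSG #yahoo :[MAIN]: Bot ID: rx-asn-2-re-worked . "
    "PRIVMSG #yahoo :[SCAN]: Exploit Statistics: Dcom135: 0, Dcom445: 0, "
    "lsass_445: 0, lsass_139: 0, Total: 0 in 0d 0h 0m. "
    "PRIVMSG #yahoo :[PROC]: Failed to terminate process: PROCESS_NAME_TO_TERMINATE "
    "PRIVMSG #yahoo :[DDoS]: Flooding: (*.*.*.*:1234) for 50 seconds. "
    "PRIVMSG #yahoo :[SYN]: Flooding: (*.*.*.*:1234) for 50 seconds. "
    "PRIVMSG #yahoo :[UDP]: Sending 40 packets to: *.*.*.*. Packet size: 50, Delay: 60(ms)."
)

MSG_RE = re.compile(r"PRIVMSG (#\S+) :\[(\w+)\]:\s*(.*)", re.S)
# Assumption: which module tags count as attack activity is the analyst's choice.
ATTACK_TAGS = {"SCAN", "PROC", "DDoS", "SYN", "UDP", "PING"}

def parse_capture(text):
    """Split a flattened capture into one record per PRIVMSG status line."""
    records = []
    for chunk in re.split(r"(?=PRIVMSG #)", text):
        m = MSG_RE.match(chunk.strip())
        if m:  # ordinary chat without a [TAG]: prefix is ignored
            records.append({"channel": m.group(1), "module": m.group(2),
                            "text": m.group(3).strip()})
    return records

def exploit_stats(records):
    """Return the per-exploit counters from the [SCAN] statistics line."""
    for r in records:
        if r["module"] == "SCAN" and r["text"].startswith("Exploit Statistics:"):
            body = r["text"].split(":", 1)[1]
            return {k: int(v) for k, v in re.findall(r"(\w+): (\d+)", body)}
    return {}

def channel_report(records, threshold=3):
    """Flag a channel when at least `threshold` distinct attack modules report in it."""
    seen = {}
    for r in records:
        seen.setdefault(r["channel"], Counter())[r["module"]] += 1
    return {ch: {"modules": dict(c), "bot_like": len(ATTACK_TAGS & set(c)) >= threshold}
            for ch, c in seen.items()}

if __name__ == "__main__":
    recs = parse_capture(CAPTURE)
    print(exploit_stats(recs))
    print(channel_report(recs))
```
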
This isn't groundbreaking; it's in fact outdated, and being impressed by this enough to even consider offering him a job could not just set an important precedent, but in fact call into question the expertise level of those impressed by his sophisticated malware bot.

If the size of the botnet matters, and speaks for some kind of pseudo-unique capability to utilize client-side vulnerabilities using publicly obtainable web malware exploitation kits, initiate an international "We are hiring!" campaign and have botnet masters replace cybercrime experts based on how much they impress you at the job interview, and, of course, based on what the RBN wrote about them in its recommendation based on their previous working relationship.

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback

10 comments
  • .....

    All this does is reinforce that accountability for one's actions is almost non-existent and will only serve to encourage other miscreants to follow in this punk's steps.

    As for the level of knowledge in the law sector... you seem about on target with that assessment. ]:)
    Linux User 147560
  • Real hackers don't get caught!

    (nt)
    THEE WOLF
  • RE: Ringleader of cybercrime group to be offered a job as cybercrime fighter

    Just indicative of the "government security" intelligence. We all often make fun of how bass-ackwards and behind the times the government security folks are... and to be amazed and impressed by some autistic script-kiddie underscores idiocy of the highest kind.

    Sad... maybe they'll recruit him for the TSA... he can stare blankly at my ID and boarding pass as if somehow it'll magically tell him if I'm a bad guy or not...
    Rafal.Los (RX8volution)
  • The other victim in this tragedy.

    Well, there goes another term all shot to hell. I guess we need to come up with another word or phrase for dumb kids who download malware from cracker sites and beta test them for the Russian Mafia. How about... IDIOTS. If that kid is as good as those "awestruck" investigators make him out to be, then he is not a script kiddie. But it's too late now. The word is out, and it's being echoed and amplified by the hour. Goodbye "script kiddie". You barely made it to the age of 10 before your soul was replaced by a careless and dishonorable press.

    BTW: I nearly fell out of my chair when I saw that kid's picture. He could be my step-son's twin brother. They're the same age too.
    kozmcrae
  • RE: Ringleader of cybercrime group to be offered a job as cybercrime fighter

    I think he ought to go into the business of making bot-net busting software that is in turn incorporated into all the commonly used web browsers, so when people browse to infecting networks, the browsers destroy the botnets, and whenever the browser is open on a computer, the browser kills any botnets that may have infected that computer.

    He could earn billions doing that...
    kokuryu
  • RE: Ringleader of cybercrime group to be offered a job as cybercrime fighter

    You're kidding, right?

    What horrendous lack of judgment (no pun intended). Maybe Detective Inspector Peter Devoy's and Judge Judith Potter's future careers should be discussed as well.

    Who considered his skills "advanced"? It's no wonder Walker had a smirk.


    http://blog.threatfire.com
    TF_kj
  • RE: Ringleader of cybercrime group to be offered a job as cybercrime fighter

    My reaction also was, "You're kidding, right?"

    Let me get this straight. I simply have to find an autistic genius (I was looking for those when I started a data entry business 20 years ago); direct them to hack Fortune 100 sites; make tens of thousands of dollars from the hacking while paying the hacker a small percentage; get arrested, call Daddy to get bail, and then I'll be offered a position as an expert to help law enforcement combat hacking. As I'm making money helping law enforcement, I can start all over, finding a new way to hack sites, and repeat the entire process ad nauseam.

    Now that's American enterprise! Whether you are a bootlegger or a drug dealer, a mobster or a white collar criminal, as long as you make money in this country, you are a winner!

    Anyone out there offering hacking consulting services?

    Deborah Wallis
    dba Deborah Data Group
    Deebs
  • RE: Ringleader of cybercrime group to be offered a job as cybercrime fighter

    What is wrong with this picture, folks? Do the crime and...get a plum job. Well, that will set an example for others now, won't it?

    ..."he's just someone proving for yet another time that it's not a matter of lack of capabilities for committing cybercrime, but a matter of courage to so."

    Courage??? Thoughtless, irresponsible, criminal--heck I could think of a bunch of words other than "courage".

    No wonder every day has become a battle between the honest folk in the computer world and these crooks.

    Geez, they should have made John Gotti the Financial Director of, maybe, a huge plumbing firm.
    EBathory
  • RE: Ringleader of cybercrime group to be offered a job as cybercrime fighter

    Autism, hah, sounds like he has a well developed sense of Criminality (a common form of mental illness in predators). Who cares if he is at the top of his field, he caused loads of damage to countless people, now this Longhair is now a Hero?

    Where is the prevention for future crime, when Judges and Prosecutors make this punk an example of good.
    jasahasch@...
  • RE: Ringleader of cybercrime group to be offered a job as cybercrime fighter

    Yeah sure, I'd hire him, if he was going to work at a COMPETITOR'S desk! That kind of fairy tale only works consistently and well in books and TV shows.
    Next thing you know we'll be giving awards to murderers of murderers?

    He did it, they have the evidence and trails; they don't need him; let him rot in jail where he belongs; he can play with the pay phones.
    twaynesdomain-22354355019875063839220739305988